In May, George Mason instituted a new Data Stewardship Policy that codified the university community’s responsibilities toward the data entrusted to them in their daily work.

However, this soon led to questions about who was responsible for what data, and most importantly, what precautions were faculty, staff and students required to take to ensure compliance with the new policy. To help answer these issues, the Information Technology Unit (ITU) developed a new Desktop Computer Security web site.

“The web page identifies three levels of responsibility,” says Cathy Hubbs, IT security coordinator at Mason. “The first level is ‘basic security,’ which is a list of simple things that all computer users—faculty, staff and students—should implement on their computers.

“The second level is ‘more security—regulated data.’ This level is geared toward people who work with data that is protected by law but will not cause extraordinary personal or institutional harm if compromised. This second level takes more precautions than basic security, without overly restricting the users’ computing experience.

“Finally, we ask that all people in charge of data which would in fact cause extraordinary personal or institutional harm if compromised—the ‘highest level security’—to contact us directly so that we can plan a custom security configuration that best suits their situation.”

The goal, according to Hubbs, is to provide users with a painless way to comply with the new Data Stewardship Policy.

“We want to make it as straightforward as possible,” says Hubbs, “so that everyone feels as if they are doing their part to keep vulnerable data safe.”

Hubbs is also offering group presentations about the desktop security steps. Contact her at chubbs@gmu.edu to schedule a presentation for your department or working group.